forked from extern/shorewall_code
Merge branch '4.4.20'
commit
186f89f387
@ -35,9 +35,8 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
did not specify a number. Now, the compiler selects the lowest
|
||||
unallocated number when no device number is explicitly allocated.
|
||||
|
||||
2) Network developers have discovered an exploit that allows hosts to
|
||||
poke holes in a firewall. The known ways to protect against the
|
||||
exploit are:
|
||||
2) Certain attacks can be best defended through use of one of these
|
||||
two measures.
|
||||
|
||||
a) rt_filter (Shorewall's routefilter). Only applicable to IPv4
|
||||
and can't be used with some multi-ISP configurations.
|
||||
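Review bot: The reworded opening of item 2 ("Certain attacks can be best defended through use of one of these two measures.") no longer says what the measures protect against. Going by the hunk's line counts (9 old, 8 new), it replaces the three-line sentence about hosts poking holes in a firewall. A reader of the release notes then cannot tell whether a) rt_filter or the hairpin rule described further down applies to their setup. Suggest keeping one clause that names the traffic concerned, using the term the notes already use later ("hairpin"), and fixing the phrasing: "are best defended against" rather than "can be best defended".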
@ -47,8 +46,8 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
rules. This approach is not appropriate for bridges and other
|
||||
cases, where the 'routeback' option is specified or implied.
|
||||
|
||||
For non-routeback interfaces, Shorewall and Shorewall6 will insert
|
||||
a hairpin rule, provided that the routefilter option is not
|
||||
For non-routeback interfaces, Shorewall and Shorewall6 will now
|
||||
insert a hairpin rule, provided that the routefilter option is not
|
||||
specified. The rule will dispose of hairpins according to the
|
||||
setting of two new options in shorewall.conf and shorewall6.conf:
|
||||
|
||||
|
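Review bot: "will now insert a hairpin rule" uses a relative "now" in a section headed "PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES", so once this text is carried into later release notes it will not be clear when the behaviour started. Suggest naming the release instead, or dropping "now" as the replaced wording did. Separately, the sentence covers both Shorewall and Shorewall6 with the condition "provided that the routefilter option is not specified", while item a) says rt_filter is only applicable to IPv4. It would help to state explicitly what the condition means for Shorewall6.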